[wplug] howto advertise all ports as open
Alexandros Papadopoulos
apapadop at cmu.edu
Sat Mar 29 16:02:36 EST 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi list!
I've come across the idea of having a machine overwhelm an attacker by
presenting *all* ports as listening/open. Unfortunately I haven't found
anything like a kernel module that can emulate this behavior, and sure
enough, it can only be implemented at the kernel level, as it involves
IP stack trickery.
Example: I run a client machine with no listening ports, but as a
"public service" (or just for fun) I employ this nice module (if I ever
find it...) that tricks port scanners into believing that all my well
known ports (anything in /etc/services) are open. The attacker/script
thinks they hit the jackpot, and proceed to spend many hours banging on
my machine with probes/exploits, only to have absolutely nothing
happen. No RSTs, no ECHO replies, no handshakes. Everything vanishes in
a black hole (netfilter DROP). The attacker quits in frustration.
Does anyone know of such a module?
Thanks
- -A
- --
http://andrew.cmu.edu/~apapadop/pub_key.asc
3DAD 8435 DB52 F17B 640F D78C 8260 0CC1 0B75 8265
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+hgnsgmAMwQt1gmURAr1lAJwKE5HJJqIABDxEC1qpATFm5GznvQCfUH2i
YbkDq4byzPSJl9HSOAV6m/8=
=Eu2g
-----END PGP SIGNATURE-----
More information about the wplug
mailing list